Option to Disable Security Warnings for Blind Signing #620

Closed
AdamB2023 opened this issue Jul 26, 2024 · 5 comments
Labels
enhancement New feature or request

@AdamB2023

Please add an option for experienced users to disable the repeated security warnings related to Blind Signing.

Justification:
For users who are familiar with the processes and risks associated with Blind Signing, the current system of continuous warnings can become cumbersome and redundant. This is especially true for those who engage in frequent transactions and already understand the inherent risks. By allowing users to disable these warnings, we can streamline their workflow and improve the overall user experience without compromising the security measures for less experienced users.

Technical Considerations:

  • Security: Acknowledge the importance of maintaining robust security measures by requiring users to confirm their understanding of the risks before enabling this option. This could be achieved through a detailed warning message and confirmation step.
  • Implementation: Integrate this feature in a way that maintains the app’s current security posture for all users by default, while providing enhanced usability for those with advanced knowledge and frequent usage patterns.

Conclusion:
Incorporating an option to disable Blind Signing warnings for experienced users would significantly enhance the efficiency and user experience for a significant portion of the Ledger community, while still prioritizing security for all users.

@AdamB2023 AdamB2023 added the enhancement New feature or request label Jul 26, 2024
@jomajewaa

jomajewaa commented Jul 30, 2024

A 12-confirmation flow cannot be serious!
@apaillier-ledger you're the one who did that commit. Did any user ever ask about that?
When making things worse for the end user, you should always allow opting out of it; don't treat everyone like a newbie.
Currently, with blind signing, all the info besides the target address is useless, so it could literally be 10 fewer clicks.

@tdejoigny-ledger
Contributor

@AdamB2023 @jomajewaa Thank you for your comments.

We have launched a major initiative at Ledger this year on clear-signing, with the aim of making transactions more transparent and secure for the largest number of people. That's why this feature has been implemented.

Please refer to https://support.ledger.com/article/E8-This-transaction-cannot-be-trusted

@0x398

0x398 commented Jul 30, 2024

@tdejoigny-ledger this is not a feature, but a terrible user UX. It is OK to force users to read these lengthy screens once or twice, but not every day, 10 times per day. Users who use DeFi a lot are well aware of the risks, and constantly scrolling through all these screens is very annoying. Make these warnings optional! A 1-screen warning for new transactions is enough once the user has read all the screens previously!

@l3wi

l3wi commented Aug 14, 2024

Wholeheartedly agree with OP.

I've just put the Flex unit in the drawer after less than two days using it. My Nano with older firmware is a much better UX even with 1/10th of the screen size.

> Incorporating an option to disable Blind Signing warnings for experienced users would significantly enhance the efficiency and user experience for a significant portion of the Ledger community, while still prioritizing security for all users.

Ledger should treat advanced users with the respect they deserve, or they'll push them to other vendors. It's relatively simple to place a toggle in the app's settings to disable the E8 warning. Why not do it?

> A 12-confirmation flow cannot be serious! @apaillier-ledger you're the one who did that commit. Did any user ever ask about that? When making things worse for the end user, you should always allow opting out of it; don't treat everyone like a newbie. Currently, with blind signing, all the info besides the target address is useless, so it could literally be 10 fewer clicks.

I was legitimately flabbergasted when I did my first contract interaction on the Flex. 10ish clicks of useless information that didn't help me verify any of the data being signed.

I see that @fbeutin-ledger's PR [#627] was approved. Showing a hash of calldata is a small step in the right direction but still falls short of what's needed.

@vforgeoux-ledger
Member

Hello everyone,

With the Ethereum 1.11.1 app update, we introduced additional screens to be reviewed for blind-signed transactions, emphasizing the risks associated with signing them.

We’ve listened to the community's feedback and have taken it into account.

The Ethereum app version 1.11.2 (now available in Ledger Live "My Ledger" tab) reintroduces the blind-signing setting without the new warning screens displayed on Nano devices when signing these transactions. On Stax and Flex, friction has also been lightened. (Changelog).

We're continuing to work on the various initiatives that will enable better clear signing coverage, so that blind signing becomes increasingly rare. We will continue to value and consider your feedback moving forward.
